
6 matches found

NVD
added 2025/11/08 10:15 a.m., 2 views

CVE-2025-11980

The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'deleteorphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 4.9, EPSS 0.00033
Exploits: 0, References: 4

Tenable Nessus
added 2022/11/18 12:0 a.m., 30 views

WordPress Plugin 'Advanced Custom Fields' < 5.12.4, 6.x < 6.0.3 Custom Field Value Exposure

The WordPress application running on the remote host has a version of the 'Advanced Custom Fields' plugin that is prior to 5.12.4 or 6.x prior to 6.0.3. It is, therefore, affected by a custom field value exposure through parsed shortcode from user input vulnerability. Note that Nessus has not...

CVSS 7.5, AI score 7.4, EPSS 0.00498
Exploits: 0, References: 3

Patchstack
added 2022/10/18 12:0 a.m., 64 views

WordPress Advanced Custom Fields plugin 3.1.1 - 6.0.2 - Custom Field Value Exposure vulnerability

Custom Field Value Exposure Through Parsed Shortcode from User Input vulnerability discovered by Juan Hoffmann in WordPress Advanced Custom Fields plugin versions 3.1.1 - 6.0.2. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version at least 6.0.3...

AI score 1.6, EPSS 0.00498
Exploits: 0, References: 1, Affected Software: 1

Atlassian
added 2014/02/20 12:35 p.m., 218 views

Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-37117. If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible to all...

AI score 2.7
Exploits: 0, Affected Software: 1

NVD
added 2011/02/28 4:0 p.m., 10 views

CVE-2011-1008

ScripsOverlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information,...

CVSS 4, AI score 6.2, EPSS 0.0061
Exploits: 0, References: 15

Atlassian
added 2009/07/28 5:51 a.m., 23 views

Allow issue security level to use any custom field that implements UserCFNotificationTypeAware

It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you had a security level that was only the reporter and the assignee, if the issue needs to get reassigned the issue could still be seen by the original assignee. The JIRA...

AI score 0.6
Exploits: 0, Affected Software: 1